| ID | CVSS | Summary | Last (major) update | Published |
|---|---|---|---|---|
| CVE-2018-6022 | 5.5 | Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a ..\ in the param.path parameter. | 12-02-2018 - 15:01 | 23-01-2018 - 06:29 |
| CVE-2018-20062 | 7.5 | An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query str | 03-01-2019 - 16:25 | 11-12-2018 - 18:29 |
| CVE-2018-6029 | 5.0 | The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF), because URL validation only considers whet | 12-02-2018 - 14:43 | 23-01-2018 - 06:29 |
| CVE-2018-7219 | 6.8 | application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request. | 14-03-2018 - 18:24 | 19-02-2018 - 14:29 |
| CVE-2019-16721 | 5.8 | NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as demonstrated by deleting the admin user. | 23-09-2019 - 18:34 | 23-09-2019 - 14:15 |